2017-03-03

DFS-R 複寫失敗問題處理

DFS-R 是好東西
但最近一直遇到複寫失敗, RPC 連線失敗的情況
試遍各種網路上找到的偏方都無效

包括:
  • Event 5014 DFSR Error:1726
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/d27bd902-034e-4230-9516-0ede42308193

    Running DCDIAG on any of our domain controllers (all are Windows Server 2008 R2) resulted in the following error:
    ADD Value To: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

    DWORD:DisableTaskOffload=1
    DWORD:EnableTCPChimney=0
    DWORD:EnableTCPA=0
    DWORD:EnableRSS=0

  • DCDiag Error Enterprise Read-only Domain Controllers doesn't have Replicating Directory Changes access rights for the naming context
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/6d4fc381-cc50-4386-9038-6e51ef378131
    Running DCDIAG on any of our domain controllers (all are Windows Server 2008 R2) resulted in the following error:
    Starting test: NCSecDesc
       Error OURDOMAIN\Enterprise Read-only Domain Controllers doesn't have
          Replicating Directory Changes
       access rights for the naming context:
       DC=ourdomain,DC=com
    Verifying the Problem:
    Using Active Directory Users and Computers (ADUC) and navigating to \Users, verify the existence of a Security Group called "Enterprise Read-only Domain Controllers".   In our case, that group already existed.  Exit ADUC.
    Using ADSIEDIT, right-click on Naming Context "DC=ourdomain,DC=com", choose "Properties", click the "Security" tab and verify that "Enterprise Read-only Domain Controllers" shows in the "Group or user names" pane.  In our case, that group was missing.
    Resolution:
    In ADSIEDIT, click the "Add" button, type the group name "Enterprise Read-only Domain Controllers" and click "OK".  Next, highlight "Enterprise Read-only Domain Controllers" in the "Group or user names:" pane and then scroll down in the "Permissions:" pane to find "Replicating Directory Changes".  Enable (check) the box in the "Allow" column to the right of "Replicating Directory Changes" and Press "OK". 
    Exit ADSIEDIT and re-run DCDIAG.  This solved the problem in our case.
  • 忘了出處cd %windir%\system32\wbem
    mofcomp dfsrprovs.mof
    net stop UALSVC
    net stop iphlpsvc
    net stop winmgmt
    net start winmgmt
    net start iphlpsvc
    net start UALSVC
    net stop dfsr
    net start dfsr
  • 忘了出處Open regedit as an administrator account on the server in question.
    Navigate to HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\[Choose the interface in question]
    (Do this by checking the correct IP address is in the settings underthis key for the adapter you are configuring)
    Once you are in the correct key for your interface, right-click and select new DWORD value (32 bit).
    Call it MTU
    Give this a decimal value equal to the setting you would like your MTU to be (measured in bytes). I changed mine to 1400
以上統統沒有解決我的問題
最後是與我用來做 Site to Site VPN 的 Draytek Vigor 3900 有關
我使用的是 IPSec with GRE 的 Load Balanced Mode
改成 Backup Mode 就好了
但這樣頻寬就沒辦法靈活運用了呀
再研究看看

沒有留言: